#u-boot on 2024-10-26 — irc logs at libera.irclog.whitequark.org

2024-10-07 14:56 Tartarus changed the topic of #u-boot to: SOURCE MOVED TO https://source.denx.de/u-boot/u-boot.git / U-Boot v2024.10 is OUT / Merge Window is OPEN, next branch is CLOSED / Release v2025.01 is scheduled for 06 January 2025 / Channel archives at https://libera.irclog.whitequark.org/u-boot

00:25 prabhakalad has quit [Quit: Konversation terminated!]

00:26 prabhakalad has joined #u-boot

00:34 zibolo has quit [Ping timeout: 252 seconds]

00:34 zibolo has joined #u-boot

01:06 Jones42 has joined #u-boot

01:08 Jones42_ has quit [Ping timeout: 248 seconds]

01:24 jclsn has quit [Ping timeout: 265 seconds]

01:26 jclsn has joined #u-boot

01:28 goliath has quit [Quit: SIGSEGV]

02:15 mmu_man has quit [Ping timeout: 255 seconds]

02:23 mmu_man has joined #u-boot

02:46 jclsn has quit [Ping timeout: 244 seconds]

02:48 jclsn has joined #u-boot

02:50 mmu_man has quit [Ping timeout: 252 seconds]

03:01 Jones42_ has joined #u-boot

03:04 Jones42 has quit [Ping timeout: 265 seconds]

03:11 vagrantc has quit [Quit: leaving]

05:01 Wouter01002 has quit [Quit: The Lounge - https://thelounge.chat]

05:03 Wouter01002 has joined #u-boot

05:38 tec has quit [Quit: bye!]

05:39 tec has joined #u-boot

06:06 rvalue has joined #u-boot

06:50 Jones42_ has quit [Ping timeout: 252 seconds]

06:52 persmule has quit [Remote host closed the connection]

07:18 naoki has joined #u-boot

07:43 warpme has joined #u-boot

07:45 warpme has quit [Client Quit]

07:50 Stat_headcrabbed has joined #u-boot

07:51 warpme has joined #u-boot

07:54 warpme has quit [Client Quit]

07:59 mmu_man has joined #u-boot

08:16 naoki has quit [Quit: naoki]

08:17 <sjg1> marex: LeSpocky: I think updating -f auto to add hash by default should be fine

08:24 warpme has joined #u-boot

08:35 slobodan has joined #u-boot

09:24 slobodan has quit [Ping timeout: 265 seconds]

09:29 naoki has joined #u-boot

09:30 naoki has quit [Client Quit]

09:33 Jones42 has joined #u-boot

09:38 Jones42 has quit [Ping timeout: 248 seconds]

09:46 slobodan has joined #u-boot

10:04 mmu_man has quit [Ping timeout: 255 seconds]

10:05 slobodan has quit [Read error: Connection reset by peer]

10:06 slobodan has joined #u-boot

10:06 Wouter01002 has quit [Quit: The Lounge - https://thelounge.chat]

10:07 Wouter01002 has joined #u-boot

10:10 mmu_man has joined #u-boot

10:31 warpme has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]

10:32 warpme has joined #u-boot

10:35 warpme has quit [Client Quit]

10:58 slobodan has quit [Changing host]

10:58 slobodan has joined #u-boot

11:22 goliath has joined #u-boot

11:30 mmu_man has quit [Ping timeout: 265 seconds]

11:43 mmu_man has joined #u-boot

11:46 glaroque has quit [Quit: Connection closed for inactivity]

12:28 warpme has joined #u-boot

13:01 Wouter01002 has quit [Quit: The Lounge - https://thelounge.chat]

13:02 Wouter01002 has joined #u-boot

13:42 persmule has joined #u-boot

13:45 edwinistrator238 has quit [Quit: The Lounge - https://thelounge.chat]

13:47 swiftgeek has joined #u-boot

13:51 edwinistrator238 has joined #u-boot

13:54 warpme has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]

14:24 <marex> sjg1: actually, it seems like adding a hash node to /configurations does not insert a hash there ?

14:28 <sjg1> marex: No, you cannot hash a configuration

14:31 slobodan has quit [Ping timeout: 252 seconds]

14:43 dsimic has quit [Ping timeout: 260 seconds]

14:44 dsimic has joined #u-boot

14:49 <marex> sjg1: why not ?

14:50 <marex> sjg1: what does signature do in the configuration then ? doesn't it has the node ?

14:51 <sjg1> marex: The configuration is not an image, so hashing it would have no effect. Signing the configuration hashes the nodes that to which it refers (aka the devicetree metadata). Since images have a hash node, this protects the images for change

14:51 <marex> sjg1: but you can (and should) hash the config node too ?

14:52 <marex> when signing that is

14:54 <sjg1> marex: Yes, it is hashed

14:54 <sjg1> See https://elinux.org/Boot_Loaders#Verified_Boot_on_Chrome_OS_and_How_to_do_it_yourself_.5BELCE_2013.5D

14:54 <sjg1> slide 34

14:55 <sjg1> (I mean, some of it is hashed)

14:56 <marex> sjg1: so ... you can has a configuration ?

14:57 <sjg1> Well, signatures are done by hashing various bits and then signing the hash

14:58 <sjg1> But it makes no sense to add a hash node to a configuration...the hash nodes are for the data properties, and configuration nodes don't have those

15:00 <marex> sjg1: why does it make no sense ? don't the hashes allow u-boot to detect bitrot ?

15:04 <sjg1> Do the slides help?

15:08 <marex> sjg1: no ?

15:08 <marex> sjg1: the question is simple -- why does it make no sense to attach hash to configuration ? won't that prevent bitrot ?

15:09 <marex> s@prevent@allow detection@

15:09 <marex> I need coffee ...

15:16 <sjg1> If someone changes an image, the image hash will detect that. If someone changes the image hash, the configuration signature will detect that

15:16 goliath has quit [Quit: SIGSEGV]

15:21 slobodan has joined #u-boot

15:23 <marex> sjg1: I am not talking about signed fitImages, I am talking about plain hashed fitImages used during development

15:30 urja has quit [Read error: Connection reset by peer]

15:34 swiftgeek has quit [Ping timeout: 245 seconds]

15:35 <sjg1> marex: OK, but unfortunately I am lost at this point

15:39 <marex> sjg1: let me ask again then -- why can we not hash configuration node and attach a hash of it to fitImage to detect bitrot in the configuration node ?

15:42 <sjg1> what does 'attach a hash of it to fitimage' mean, in practice?

15:44 edwinistrator238 has quit [Quit: The Lounge - https://thelounge.chat]

15:45 edwinistrator238 has joined #u-boot

15:47 edwinistrator238 has quit [Client Quit]

15:48 urja has joined #u-boot

15:50 rvalue has quit [Read error: Connection reset by peer]

15:51 rvalue has joined #u-boot

15:55 edwinistrator238 has joined #u-boot

15:59 swiftgeek has joined #u-boot

15:59 mmu_man has quit [Ping timeout: 244 seconds]

16:08 mmu_man has joined #u-boot

16:10 slobodan has quit [Changing host]

16:10 slobodan has joined #u-boot

16:25 alexeymin has joined #u-boot

16:37 goliath has joined #u-boot

16:55 <marex> sjg1: it means configuration node bitrot can be detected

17:51 goliath has quit [Quit: SIGSEGV]

18:13 alexxy has quit [Quit: No Ping reply in 180 seconds.]

18:19 alexxy has joined #u-boot

18:19 slobodan has quit [Read error: Connection reset by peer]

18:21 slobodan has joined #u-boot

18:42 goliath has joined #u-boot

18:53 lehmanju has quit [Quit: The Lounge - https://thelounge.chat]

18:55 lehmanju has joined #u-boot

19:01 naoki has joined #u-boot

19:03 alexxy has quit [Quit: No Ping reply in 180 seconds.]

19:06 alexxy has joined #u-boot

19:07 mmu_man has quit [Ping timeout: 252 seconds]

19:09 mmu_man has joined #u-boot

19:50 mmu_man has quit [Ping timeout: 246 seconds]

19:52 mmu_man has joined #u-boot

20:03 slobodan has quit [Read error: Connection reset by peer]

20:03 slobodan has joined #u-boot

20:04 naoki has quit [Quit: naoki]

20:16 slobodan has quit [Ping timeout: 272 seconds]

20:21 Stat_headcrabbed has quit [Quit: Stat_headcrabbed]

20:33 mmu_man has quit [Ping timeout: 244 seconds]

20:35 mmu_man has joined #u-boot

20:35 alexxy has quit [Quit: No Ping reply in 180 seconds.]

20:37 alexxy has joined #u-boot

20:42 Forty-Bot has quit [Read error: Connection reset by peer]

20:47 goliath has quit [Quit: SIGSEGV]

20:50 goliath has joined #u-boot

20:55 Forty-Bot has joined #u-boot

21:19 ikarso has joined #u-boot

21:23 niska has quit [Ping timeout: 264 seconds]

21:38 niska has joined #u-boot

21:46 Wouter01002 has quit [Quit: The Lounge - https://thelounge.chat]

21:47 Wouter01002 has joined #u-boot

22:24 vagrantc has joined #u-boot

22:50 naoki has joined #u-boot

23:38 ikarso has quit [Quit: Connection closed for inactivity]